Depending on the domain names in the applications' URLs the second application may be able to read the contents of the cookie set by the first application.

If the first application runs at http://nonprofit.org/a/ and the second application runs at http://nonprofit.org/b/ then the second application will get the cookie data because the browser will send it via HTTP headers.

If the applications are on different subdomains like a.nonprofit.org and b.nonprofit.org then you may have to update the code that creates the cookie to specify the cookie's domain be nonprofit.org. That will tell the browser to send the cookie data to both applications. Of course then c.nonprofit.org will also get sent a copy of the cookie data when the browser visits it and that may not be desirable for privacy reasons.

This is not necessarily true. If the cookies contain path constraints and they differ, they will not be available to anything on different paths. And I'm not positive, been a long time since I had to do it, but I believe you have to set the domain to .nonprofit.org (leading dot) to make it available to subdomains.